GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
112 advisories
A vulnerability allowing an authenticated user with the Backup Administrator role to write...
High | Unreviewed | CVE-2026-32997 was published May 28, 2026

Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
High | CVE-2026-47243 was published for github.com/kata-containers/kata-containers (Go) May 27, 2026

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability
High | CVE-2026-32175 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) May 18, 2026

PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data
High | CVE-2026-42315 was published for pyload-ng (pip) May 5, 2026

An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version...
Moderate | Unreviewed | CVE-2026-6418 was published May 5, 2026

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix...
Moderate | Unreviewed | CVE-2026-44029 was published May 5, 2026

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Moderate | CVE-2026-34515 was published for aiohttp (pip) Apr 1, 2026

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal...
High | Unreviewed | CVE-2026-4373 was published Mar 21, 2026

NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
High | CVE-2026-0846 was published for nltk (pip) Mar 9, 2026

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP...
High | Unreviewed | CVE-2026-2753 was published Mar 6, 2026

Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
High | CVE-2026-28414 was published for gradio (pip) Mar 1, 2026

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary...
High | Unreviewed | CVE-2026-26337 was published Feb 19, 2026

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2026-1330 was published Jan 22, 2026

Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability,...
Moderate | Unreviewed | CVE-2026-1020 was published Jan 16, 2026

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability,...
High | Unreviewed | CVE-2026-1018 was published Jan 16, 2026

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with...
Moderate | Unreviewed | CVE-2026-20834 was published Jan 13, 2026

MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
High | CVE-2025-68472 was published for MindsDB (pip) Jan 12, 2026

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal...
Moderate | Unreviewed | CVE-2025-15237 was published Jan 5, 2026

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal...
Moderate | Unreviewed | CVE-2025-15236 was published Jan 5, 2026

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing...
High | Unreviewed | CVE-2025-15227 was published Dec 29, 2025

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an...
Moderate | Unreviewed | CVE-2025-14848 was published Dec 18, 2025

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
Moderate | CVE-2025-67898 was published for mjml (npm) Dec 15, 2025

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does...
Critical | Unreviewed | CVE-2025-34392 was published Dec 10, 2025

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability,...
Moderate | Unreviewed | CVE-2025-14253 was published Dec 8, 2025

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to...
High | Unreviewed | CVE-2025-36357 was published Nov 17, 2025
ProTip! Advisories are also available from the GraphQL API.